Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Stay Secure with the Latest Linux Advisories

Opensuse Large Esm H800
openSUSE

openSUSE Chromedriver Moderate Security Issues Fixed 2026-10958-1

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed libmozjs Moderate Update CVE-2025-70103

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed Perl HTML Parser Moderate CVE-2026-8829 Advisory

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H800
openSUSE

openSUSE Tumbleweed kernel-devel Moderate Security Issue 2026-10954-1

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed Gleam Moderate Threat Fixed 2026-10953-1

Calendar White Jun 08, 2026
moderate
Ubuntu Large Esm H900
Ubuntu

Ubuntu 25.10 Systemd Critical Arbitrary Code Exec DNS Issues USN-8402-1

Calendar White Jun 08, 2026
Critical
Opensuse Large Esm H800
openSUSE

openSUSE Epiphany Important Password Handling Issue CVE-2023-26081

Calendar White Jun 08, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS 8399-1 Pillow Denial of Service Risk CVE-2026-42308

Calendar White Jun 08, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS Poppler Critical DoS Code Execution Vuln USN-8400-1

Calendar White Jun 08, 2026
Critical
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 0 articles for you...
100
Ls Advisories Suse Esm H240
Price Tag 1security advisoryimportantxss

SUSE: 2024:2860-1 Important: Python3-Twisted XSS and HTTP Issues

* bsc#1228549 * bsc#1228552 Cross-References: * CVE-2024-41671 . # Security update for python3-Twisted Announcement ID: SUSE-SU-2024:2860-1 Rating: important References: * bsc#1228549 * bsc#1228552 Cross-References: * CVE-2024-41671 * CVE-2024-41810 CVSS scores: * CVE-2024-41671 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2024-41671 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L * CVE-2024-41810 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N * CVE-2024-41810 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * Server Applications Module 15-SP6 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for python3-Twisted fixes the following issues: * CVE-2024-41671: Fixed HTTP pipelined requests processed out of order in twisted.web (bsc#1228549) * CVE-2024-41810: Fixed reflected XSS via HTML Injection in Redirect Response (bsc#1228552) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methodslike YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-2860=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-2860=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-2860=1 * Server Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-2860=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2860=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2860=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2860=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2860=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-2860=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2024-2860=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-2860=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * python-Twisted-doc-22.2.0-150400.21.1 * python3-Twisted-22.2.0-150400.21.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python3-Twisted-22.2.0-150400.21.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-Twisted-22.2.0-150400.21.1 * Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * python3-Twisted-22.2.0-150400.21.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * python3-Twisted-22.2.0-150400.21.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4(aarch64 x86_64) * python3-Twisted-22.2.0-150400.21.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-Twisted-22.2.0-150400.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * python3-Twisted-22.2.0-150400.21.1 * SUSE Manager Proxy 4.3 (x86_64) * python3-Twisted-22.2.0-150400.21.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * python3-Twisted-22.2.0-150400.21.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * python3-Twisted-22.2.0-150400.21.1 ## References: * https://www.suse.com/security/cve/CVE-2024-41671.html * https://www.suse.com/security/cve/CVE-2024-41810.html * https://bugzilla.suse.com/show_bug.cgi?id=1228549 * https://bugzilla.suse.com/show_bug.cgi?id=1228552 . An update for python3-Twisted addresses various vulnerabilities with high severity impacting SUSE offerings.. Security Update, Python3 Twisted, openSUSE Release, Critical Issues. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Aug 09, 2024 Important SuSE
100
Ls Advisories Suse Esm H240
Price Tag 1security advisoryDoSsecurity patch

SUSE: 2024:1868-1 Important: Apache2 DoS and Input Validation Issues

* bsc#1221401 * bsc#1222330 * bsc#1222332 Cross-References: . # Security update for apache2 Announcement ID: SUSE-SU-2024:1868-1 Rating: important References: * bsc#1221401 * bsc#1222330 * bsc#1222332 Cross-References: * CVE-2023-38709 * CVE-2024-24795 * CVE-2024-27316 CVSS scores: * CVE-2023-38709 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2024-24795 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2024-27316 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27316 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * Server Applications Module 15-SP6 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for apache2 fixes the following issues: * CVE-2023-38709: Fixed faulty input validation inside the HTTP response splitting code (bsc#1222330). * CVE-2024-24795: Fixed handling ofmalicious HTTP splitting response headers in multiple modules (bsc#1222332). * CVE-2024-27316: Fixed HTTP/2 CONTINUATION frames that could have been utilized for DoS attacks (bsc#1221401). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-1868=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-1868=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1868=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1868=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-1868=1 * Server Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-1868=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1868=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1868=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1868=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1868=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1868=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1868=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2024-1868=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1868=1 ## Package List: * openSUSE Leap15.4 (aarch64 ppc64le s390x x86_64 i586) * apache2-utils-2.4.51-150400.6.17.1 * apache2-devel-2.4.51-150400.6.17.1 * apache2-prefork-2.4.51-150400.6.17.1 * apache2-event-debuginfo-2.4.51-150400.6.17.1 * apache2-debugsource-2.4.51-150400.6.17.1 * apache2-2.4.51-150400.6.17.1 * apache2-worker-debuginfo-2.4.51-150400.6.17.1 * apache2-utils-debuginfo-2.4.51-150400.6.17.1 * apache2-prefork-debuginfo-2.4.51-150400.6.17.1 * apache2-debuginfo-2.4.51-150400.6.17.1 * apache2-worker-2.4.51-150400.6.17.1 * apache2-event-2.4.51-150400.6.17.1 * apache2-example-pages-2.4.51-150400.6.17.1 * openSUSE Leap 15.4 (noarch) * apache2-doc-2.4.51-150400.6.17.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * apache2-utils-2.4.51-150400.6.17.1 * apache2-devel-2.4.51-150400.6.17.1 * apache2-prefork-2.4.51-150400.6.17.1 * apache2-event-debuginfo-2.4.51-150400.6.17.1 * apache2-debugsource-2.4.51-150400.6.17.1 * apache2-2.4.51-150400.6.17.1 * apache2-worker-debuginfo-2.4.51-150400.6.17.1 * apache2-utils-debuginfo-2.4.51-150400.6.17.1 * apache2-prefork-debuginfo-2.4.51-150400.6.17.1 * apache2-debuginfo-2.4.51-150400.6.17.1 * apache2-worker-2.4.51-150400.6.17.1 * apache2-event-2.4.51-150400.6.17.1 * apache2-example-pages-2.4.51-150400.6.17.1 * openSUSE Leap 15.5 (noarch) * apache2-doc-2.4.51-150400.6.17.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * apache2-utils-2.4.51-150400.6.17.1 * apache2-prefork-2.4.51-150400.6.17.1 * apache2-debugsource-2.4.51-150400.6.17.1 * apache2-utils-debuginfo-2.4.51-150400.6.17.1 * apache2-prefork-debuginfo-2.4.51-150400.6.17.1 * apache2-debuginfo-2.4.51-150400.6.17.1 * apache2-2.4.51-150400.6.17.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * apache2-debuginfo-2.4.51-150400.6.17.1 * apache2-event-debuginfo-2.4.51-150400.6.17.1 * apache2-debugsource-2.4.51-150400.6.17.1 * apache2-event-2.4.51-150400.6.17.1 *Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * apache2-devel-2.4.51-150400.6.17.1 * apache2-worker-debuginfo-2.4.51-150400.6.17.1 * apache2-debugsource-2.4.51-150400.6.17.1 * apache2-debuginfo-2.4.51-150400.6.17.1 * apache2-worker-2.4.51-150400.6.17.1 * Server Applications Module 15-SP5 (noarch) * apache2-doc-2.4.51-150400.6.17.1 * Server Applications Module 15-SP6 (noarch) * apache2-doc-2.4.51-150400.6.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * apache2-utils-2.4.51-150400.6.17.1 * apache2-prefork-2.4.51-150400.6.17.1 * apache2-devel-2.4.51-150400.6.17.1 * apache2-debugsource-2.4.51-150400.6.17.1 * apache2-worker-debuginfo-2.4.51-150400.6.17.1 * apache2-utils-debuginfo-2.4.51-150400.6.17.1 * apache2-prefork-debuginfo-2.4.51-150400.6.17.1 * apache2-debuginfo-2.4.51-150400.6.17.1 * apache2-worker-2.4.51-150400.6.17.1 * apache2-2.4.51-150400.6.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * apache2-doc-2.4.51-150400.6.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * apache2-utils-2.4.51-150400.6.17.1 * apache2-prefork-2.4.51-150400.6.17.1 * apache2-devel-2.4.51-150400.6.17.1 * apache2-debugsource-2.4.51-150400.6.17.1 * apache2-worker-debuginfo-2.4.51-150400.6.17.1 * apache2-utils-debuginfo-2.4.51-150400.6.17.1 * apache2-prefork-debuginfo-2.4.51-150400.6.17.1 * apache2-debuginfo-2.4.51-150400.6.17.1 * apache2-worker-2.4.51-150400.6.17.1 * apache2-2.4.51-150400.6.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * apache2-doc-2.4.51-150400.6.17.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) * apache2-utils-2.4.51-150400.6.17.1 * apache2-prefork-2.4.51-150400.6.17.1 * apache2-debugsource-2.4.51-150400.6.17.1 * apache2-utils-debuginfo-2.4.51-150400.6.17.1 *apache2-prefork-debuginfo-2.4.51-150400.6.17.1 * apache2-debuginfo-2.4.51-150400.6.17.1 * apache2-2.4.51-150400.6.17.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * apache2-utils-2.4.51-150400.6.17.1 * apache2-prefork-2.4.51-150400.6.17.1 * apache2-devel-2.4.51-150400.6.17.1 * apache2-debugsource-2.4.51-150400.6.17.1 * apache2-worker-debuginfo-2.4.51-150400.6.17.1 * apache2-utils-debuginfo-2.4.51-150400.6.17.1 * apache2-prefork-debuginfo-2.4.51-150400.6.17.1 * apache2-debuginfo-2.4.51-150400.6.17.1 * apache2-worker-2.4.51-150400.6.17.1 * apache2-2.4.51-150400.6.17.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch) * apache2-doc-2.4.51-150400.6.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * apache2-utils-2.4.51-150400.6.17.1 * apache2-prefork-2.4.51-150400.6.17.1 * apache2-devel-2.4.51-150400.6.17.1 * apache2-debugsource-2.4.51-150400.6.17.1 * apache2-worker-debuginfo-2.4.51-150400.6.17.1 * apache2-utils-debuginfo-2.4.51-150400.6.17.1 * apache2-prefork-debuginfo-2.4.51-150400.6.17.1 * apache2-debuginfo-2.4.51-150400.6.17.1 * apache2-worker-2.4.51-150400.6.17.1 * apache2-2.4.51-150400.6.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * apache2-doc-2.4.51-150400.6.17.1 * SUSE Manager Proxy 4.3 (x86_64) * apache2-utils-2.4.51-150400.6.17.1 * apache2-prefork-2.4.51-150400.6.17.1 * apache2-devel-2.4.51-150400.6.17.1 * apache2-debugsource-2.4.51-150400.6.17.1 * apache2-worker-debuginfo-2.4.51-150400.6.17.1 * apache2-utils-debuginfo-2.4.51-150400.6.17.1 * apache2-prefork-debuginfo-2.4.51-150400.6.17.1 * apache2-debuginfo-2.4.51-150400.6.17.1 * apache2-worker-2.4.51-150400.6.17.1 * apache2-2.4.51-150400.6.17.1 * SUSE Manager Proxy 4.3 (noarch) * apache2-doc-2.4.51-150400.6.17.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) *apache2-utils-2.4.51-150400.6.17.1 * apache2-prefork-2.4.51-150400.6.17.1 * apache2-devel-2.4.51-150400.6.17.1 * apache2-debugsource-2.4.51-150400.6.17.1 * apache2-worker-debuginfo-2.4.51-150400.6.17.1 * apache2-utils-debuginfo-2.4.51-150400.6.17.1 * apache2-prefork-debuginfo-2.4.51-150400.6.17.1 * apache2-debuginfo-2.4.51-150400.6.17.1 * apache2-worker-2.4.51-150400.6.17.1 * apache2-2.4.51-150400.6.17.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * apache2-doc-2.4.51-150400.6.17.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * apache2-utils-2.4.51-150400.6.17.1 * apache2-prefork-2.4.51-150400.6.17.1 * apache2-devel-2.4.51-150400.6.17.1 * apache2-debugsource-2.4.51-150400.6.17.1 * apache2-worker-debuginfo-2.4.51-150400.6.17.1 * apache2-utils-debuginfo-2.4.51-150400.6.17.1 * apache2-prefork-debuginfo-2.4.51-150400.6.17.1 * apache2-debuginfo-2.4.51-150400.6.17.1 * apache2-worker-2.4.51-150400.6.17.1 * apache2-2.4.51-150400.6.17.1 * SUSE Manager Server 4.3 (noarch) * apache2-doc-2.4.51-150400.6.17.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38709.html * https://www.suse.com/security/cve/CVE-2024-24795.html * https://www.suse.com/security/cve/CVE-2024-27316.html * https://bugzilla.suse.com/show_bug.cgi?id=1221401 * https://bugzilla.suse.com/show_bug.cgi?id=1222330 * https://bugzilla.suse.com/show_bug.cgi?id=1222332 . SUSE unveils vital security enhancements for Nginx, targeting severe weaknesses. Apply suggested updates immediately!. SUSE Linux, apache2 security update, security advisory, system administration. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Jul 31, 2024 Important SuSE
Banner 1 1028x280 1708121660 1771599717
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorymoderatesecurity update

Debian 10 Buster: DLA-3819-1 Moderate: Apache Security Fix for Fossil

Fossil was broken by fixes of CVE-2024-24795 for apache2 package, and needed an update. As part of the security fix, the Apache webserver . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3819-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Bastien Roucariès May 25, 2024 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : fossil Version : 1:2.8-1+deb10u1 CVE ID : CVE-2024-24795 Debian Bug : 1070069 Fossil was broken by fixes of CVE-2024-24795 for apache2 package, and needed an update. As part of the security fix, the Apache webserver mod_cgi module has stopped relaying the Content-Length field of the HTTP reply header from the CGI programs back to the client in cases where the connection is to be closed and the client is able to read until end-of-file. Fossil was fixed by reading the whole input, re-allocating the input buffer to fit as more input is received, instead of trusting the CONTENT_LENGTH variable. For Debian 10 buster, this problem has been fixed in version 1:2.8-1+deb10u1. We recommend that you upgrade your fossil packages. For the detailed security status of fossil please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/fossil Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Ensure your legacy packages are improved post Debian LTS Advisory DLA-3819-1, which addresses the vulnerability impacting apache.. Debian LTS, Fossil Security, Apache Update, Security Fix, System Upgrade. . LinuxSecurity.com Team

Calendar 2 May 25, 2024 Debian LTS
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydenial of servicecritical

Debian 11 DSA-5662-1 Critical Apache2 HTTP Response Problems

Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service. For the oldstable distribution (bullseye), these problems have been fixed . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5662-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff April 16, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : apache2 CVE ID : CVE-2023-31122 CVE-2023-38709 CVE-2023-43622 CVE-2023-45802 CVE-2024-24795 CVE-2024-27316 Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service. For the oldstable distribution (bullseye), these problems have been fixed in version 2.4.59-1~deb11u1. For the stable distribution (bookworm), these problems have been fixed in version 2.4.59-1~deb12u1. We recommend that you upgrade your apache2 packages. For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/apache2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Uncover essential patches in nginx that address several vulnerabilities leading to HTTPS complications in Ubuntu systems.. Debian Security Advisory, Apache HTTP Server, Security Updates. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Apr 16, 2024 Critical Debian
Banner 1 1028x280 1708121660 1771599717
99
Ls Advisories Slackware Esm H240
Price Tag 1security advisorysecurity issuecritical

Slackware 15.0: 2022-328-01 Critical: Ruby HTTP Response Splitting Issue

New ruby packages are available for Slackware 15.0 and -current to fix a security issue. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] ruby (SSA:2022-328-01) New ruby packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/ruby-3.0.5-i586-1_slack15.0.txz: Upgraded. This release includes a security fix: HTTP response splitting in CGI. For more information, see: https://www.cve.org/CVERecord?id=CVE-2021-33621 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 15.0: Updated package for Slackware x86_64 15.0: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 15.0 package: b201d04447260bc81463148100d69cbd ruby-3.0.5-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 8218c01a2eeeb7924c86af0c24be9872 ruby-3.0.5-x86_64-1_slack15.0.txz Slackware -current package: def68ace6305e7bcdcce1a88069614eb d/ruby-3.1.3-i586-1.txz Slackware x86_64 -current package: b6b8d84e18aed592d9e194bb3e041928 d/ruby-3.1.3-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg ruby-3.0.5-i586-1_slack15.0.txz +-----+ . Recent updates to Ruby packages for Slackware address vulnerabilities related to HTTP response splitting and enhance overall security protocols.. Ruby Security Update, Slackware Security, HTTP Response Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Nov 24, 2022 Critical Slackware
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydenial of servicedebian

Debian DSA-5102-1 HAProxy Denial Of Service - CVE-2022-0711

A flaw was discovered in the way HAProxy, a fast and reliable load balancing reverse proxy, processes HTTP responses containing the "Set-Cookie2" header, which can result in an unbounded loop, causing a denial of service. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5102-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso March 13, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : haproxy CVE ID : CVE-2022-0711 A flaw was discovered in the way HAProxy, a fast and reliable load balancing reverse proxy, processes HTTP responses containing the "Set-Cookie2" header, which can result in an unbounded loop, causing a denial of service. For the stable distribution (bullseye), this problem has been fixed in version 2.2.9-2+deb11u3. We recommend that you upgrade your haproxy packages. For the detailed security status of haproxy please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/haproxy Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . The Debian Security Advisory DSA-5103-1 highlights a critical vulnerability in OpenSSL that may allow unauthorized access to sensitive data.. haproxy security, denial of service exploits, debian advisory. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Mar 13, 2022 Important Debian
Banner 1 1028x280 1708121660 1771599717
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorymoderateupdate

Red Hat: RHSA-2020-1963-01 Moderate Ruby Security Update

An update for ruby is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ruby security update Advisory ID: RHSA-2020:1963-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1963 Issue date: 2020-04-29 CVE Names: CVE-2017-17742 CVE-2018-8778 ==================================================================== 1. Summary: An update for ruby is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.5) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5) - noarch, x86_64 Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.5) - noarch, ppc64, ppc64le, s390x, x86_64 3. Description: Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): * ruby: HTTP response splitting in WEBrick (CVE-2017-17742) * ruby: Buffer under-read in String#unpack (CVE-2018-8778) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply thisupdate, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1561952 - CVE-2017-17742 ruby: HTTP response splitting in WEBrick 1561953 - CVE-2018-8778 ruby: Buffer under-read in String#unpack 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.5): Source: ruby-2.0.0.648-36.el7_5.src.rpm noarch: ruby-irb-2.0.0.648-36.el7_5.noarch.rpm rubygem-rdoc-4.0.0-36.el7_5.noarch.rpm rubygems-2.0.14.1-36.el7_5.noarch.rpm x86_64: ruby-2.0.0.648-36.el7_5.x86_64.rpm ruby-debuginfo-2.0.0.648-36.el7_5.i686.rpm ruby-debuginfo-2.0.0.648-36.el7_5.x86_64.rpm ruby-libs-2.0.0.648-36.el7_5.i686.rpm ruby-libs-2.0.0.648-36.el7_5.x86_64.rpm rubygem-bigdecimal-1.2.0-36.el7_5.x86_64.rpm rubygem-io-console-0.4.2-36.el7_5.x86_64.rpm rubygem-json-1.7.7-36.el7_5.x86_64.rpm rubygem-psych-2.0.0-36.el7_5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5): noarch: ruby-doc-2.0.0.648-36.el7_5.noarch.rpm rubygem-minitest-4.3.2-36.el7_5.noarch.rpm rubygem-rake-0.9.6-36.el7_5.noarch.rpm rubygems-devel-2.0.14.1-36.el7_5.noarch.rpm x86_64: ruby-debuginfo-2.0.0.648-36.el7_5.x86_64.rpm ruby-devel-2.0.0.648-36.el7_5.x86_64.rpm ruby-tcltk-2.0.0.648-36.el7_5.x86_64.rpm Red Hat Enterprise Linux Server EUS (v.7.5): Source: ruby-2.0.0.648-36.el7_5.src.rpm noarch: ruby-irb-2.0.0.648-36.el7_5.noarch.rpm rubygem-rdoc-4.0.0-36.el7_5.noarch.rpm rubygems-2.0.14.1-36.el7_5.noarch.rpm ppc64: ruby-2.0.0.648-36.el7_5.ppc64.rpm ruby-debuginfo-2.0.0.648-36.el7_5.ppc.rpm ruby-debuginfo-2.0.0.648-36.el7_5.ppc64.rpm ruby-libs-2.0.0.648-36.el7_5.ppc.rpm ruby-libs-2.0.0.648-36.el7_5.ppc64.rpm rubygem-bigdecimal-1.2.0-36.el7_5.ppc64.rpm rubygem-io-console-0.4.2-36.el7_5.ppc64.rpm rubygem-json-1.7.7-36.el7_5.ppc64.rpm rubygem-psych-2.0.0-36.el7_5.ppc64.rpm ppc64le: ruby-2.0.0.648-36.el7_5.ppc64le.rpm ruby-debuginfo-2.0.0.648-36.el7_5.ppc64le.rpm ruby-libs-2.0.0.648-36.el7_5.ppc64le.rpm rubygem-bigdecimal-1.2.0-36.el7_5.ppc64le.rpm rubygem-io-console-0.4.2-36.el7_5.ppc64le.rpm rubygem-json-1.7.7-36.el7_5.ppc64le.rpm rubygem-psych-2.0.0-36.el7_5.ppc64le.rpm s390x: ruby-2.0.0.648-36.el7_5.s390x.rpm ruby-debuginfo-2.0.0.648-36.el7_5.s390.rpm ruby-debuginfo-2.0.0.648-36.el7_5.s390x.rpm ruby-libs-2.0.0.648-36.el7_5.s390.rpm ruby-libs-2.0.0.648-36.el7_5.s390x.rpm rubygem-bigdecimal-1.2.0-36.el7_5.s390x.rpm rubygem-io-console-0.4.2-36.el7_5.s390x.rpm rubygem-json-1.7.7-36.el7_5.s390x.rpm rubygem-psych-2.0.0-36.el7_5.s390x.rpm x86_64: ruby-2.0.0.648-36.el7_5.x86_64.rpm ruby-debuginfo-2.0.0.648-36.el7_5.i686.rpm ruby-debuginfo-2.0.0.648-36.el7_5.x86_64.rpm ruby-libs-2.0.0.648-36.el7_5.i686.rpm ruby-libs-2.0.0.648-36.el7_5.x86_64.rpm rubygem-bigdecimal-1.2.0-36.el7_5.x86_64.rpm rubygem-io-console-0.4.2-36.el7_5.x86_64.rpm rubygem-json-1.7.7-36.el7_5.x86_64.rpm rubygem-psych-2.0.0-36.el7_5.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v.7.5): noarch: ruby-doc-2.0.0.648-36.el7_5.noarch.rpm rubygem-minitest-4.3.2-36.el7_5.noarch.rpm rubygem-rake-0.9.6-36.el7_5.noarch.rpm rubygems-devel-2.0.14.1-36.el7_5.noarch.rpm ppc64: ruby-debuginfo-2.0.0.648-36.el7_5.ppc64.rpm ruby-devel-2.0.0.648-36.el7_5.ppc64.rpm ruby-tcltk-2.0.0.648-36.el7_5.ppc64.rpm ppc64le: ruby-debuginfo-2.0.0.648-36.el7_5.ppc64le.rpm ruby-devel-2.0.0.648-36.el7_5.ppc64le.rpm ruby-tcltk-2.0.0.648-36.el7_5.ppc64le.rpm s390x: ruby-debuginfo-2.0.0.648-36.el7_5.s390x.rpm ruby-devel-2.0.0.648-36.el7_5.s390x.rpm ruby-tcltk-2.0.0.648-36.el7_5.s390x.rpm x86_64: ruby-debuginfo-2.0.0.648-36.el7_5.x86_64.rpm ruby-devel-2.0.0.648-36.el7_5.x86_64.rpm ruby-tcltk-2.0.0.648-36.el7_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-17742 https://access.redhat.com/security/cve/CVE-2018-8778 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXqlSAtzjgjWX9erEAQiq5RAAmz/4Ht+RnNPOT5IVzzQFs3ASODNl6PEf bQCySnx6224EuC8rDWn99dVIPfdAsmK56HUxMkPgcZrBULjwkXgbIQJflziwpgYa ZuzfhuALRROGtkIzTwdtk/pOncIx/rP9CeD71pG+0zFVjZdIxiSNNe3U4ARu9mSp 6HaYY9Gy1CrbZnglA4+MM8J1z8U+KTLseJx1ugSnFGPUITMzUMaOOGXCIPDHf1iC H8+hvIiDQONsy+DIzQpkQKIoyqN9fE7ecdsEMhDOwe5n8adPG+YwRgjKgjEy5AR3 5z0p+bIK1tYxUtYzqOXPtenoCIqLYqf9jq6sabSSHs5gjffguAbAHrdKRSu6chv6 DaE6Hl+2W/q2ifmHRW6rk5FlaJyJol8SV9OzuegPJ3Vk6xzydCXuqG+NP0lD1imp p+RBAjsydbJ7ddNU2J5q2ct8fSFp4BRKQTBdhoOIjdoiWXC/pmKX6FTzGNndbm52 /zQAGxrTatoAgxPsN2BpH/yuhFof5diDZgzxKhhObSmKTUQA/oyw+Va/174z3zyG IS8/hUStLU5RJLx3mCPVQflGGM78Jeg7UGBGC8sDcU6BE4zcIEGJR7+D4VwS8Iu0 +bJn+rG3H0dtm4LoAeU7eCHGZTrph7dHOHjcnNnf6AsuOKweSUNYPeazHtoaFS8i h2qbRSZcW68=sJoc -----END PGPSIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Oracle releases a critical security bulletin for an essential Java upgrade tackling XML external entity injection and input validation flaws.. Red Hat Ruby Update, Security Advisory, Linux Enterprise, Software Security. . LinuxSecurity.com Team

Calendar 2 Apr 29, 2020 Red Hat
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydenial of servicedebian

Debian: DSA-4668-1 Critical: OpenJDK 8 DoS and TLS Issues

Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4668-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff April 28, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openjdk-8 CVE ID : CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks. For the oldstable distribution (stretch), these problems have been fixed in version 8u252-b09-1~deb9u1. We recommend that you upgrade your openjdk-8 packages. For the detailed security status of openjdk-8 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/openjdk-8 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . The recent security update for OpenJDK 8 addresses several vulnerabilities in Debian, enhancing the reliability and security measures in place.. openjdk, debian security, denial of service, java runtime update. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Apr 28, 2020 Critical Debian
Banner 1 1028x280 1708121660 1771599717
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here